Compliance with MLRs

Law firms / conveyancers providing in-scope legal services must observe and adhere to the Money Laundering, Terrorist Financing and Transfer of Funds (information on the Payer) Regulations 2017 (as amended) (MLRs) along with the relevant sectoral guidance (see ‘Resources’ section below).

High Risk Factors

As part of your Customer Due Diligence (CDD) measures, you would be expected to identify the presence of any high-risk factors (as defined under Reg 33(1)(a) to (e) of the MLRs).  Where high risk factors exist, your clients must be subject to Enhanced Due Diligence (EDD) checks.  You must notify PEXA immediately and provide copies of your EDD checks within 2 Business Days and you must not proceed to settlement without agreement from PEXA.   

Source of Funds / Source of Wealth

You are expected to take steps to understand the nature, background and circumstances of your clients, including their financial position.  This will include an assessment of your clients’ financial circumstances and where applicable whether the Source of Funds and Source of Wealth align with the background and wider profile of your clients.  You should also verify the origins of any gifted deposits your clients receive.  You should ascertain where the funds have come from, how they are accumulated and ensure on a risk-based approach that they are not proceeds of crime.

You must ensure that any monies sent to PEXA are either from your firm’s Client Account or your client’s personal UK bank account.  We do not accept payments from third parties or non-UK bank accounts.  Once you have confirmed which bank account your clients will be using to send funds to PEXA, you must ensure that you have established the Source of Funds and Source of Wealth for that specific bank account.  These details are to then be uploaded to the PEXA Platform by completing all of the required fields.  It is vitally important that funds received by PEXA correspond with the bank account information that we hold to avoid any delays.  Please do not share the details of PEXA’s Source Account with your clients before such time that you have verified the Source of Funds for that account, you have uploaded the account information to the PEXA Platform and only once funds are required. 

Sanctions

You are expected to undertake adequate screening of your clients to identify whether they are a ‘Designated Person’.  This would include understanding who your clients are, who they are owned or controlled by, and potentially the counterparties and any third parties providing funds. 

This will involve checking the identities of all your clients (for non-natural persons anyone with control over the entity or with at least a 50% stake) and counterparties against the UK Consolidated Sanctions List as a minimum. 

Screening at a low frequency rate, i.e., anything less than daily, creates a risk the information used to screen is out of date.  You should, therefore, ensure that checks are performed daily and at the very least, on the day but before uploading your clients’ information to the PEXA Platform and on the morning of, but prior to, any exchange and completion of contracts. 

You can carry out such checks by either using digital screening tools that check against the list, or by using HM Government’s free screening platform, which can apply ‘fuzzy logic’.   

It is important that where a client, counterparty or third party to the transaction is identified as a Designated

Person that you immediately suspend all work and make a report to the Office of Financial Sanctions Implementation (OFSI) in accordance with your legislative obligations.  You must never provide PEXA’s bank account details to any Designated Person in the absence of: 

• an OFSI licence having been granted; and,
• having obtained written authority from our Money Laundering Reporting Officer (MLRO).  (Note: the PEXA MLRO will require a copy of the OFSI licence granted so that they may inspect the terms thereof).

Electronic Verification Systems 

Where using a digital or electronic verification system to authenticate information or documents provided by your clients, you should ensure that use of the system is compliant with the MLRs and applicable sectoral guidance.  In particular:

• you will ensure to conduct electronic verification through a platform that is a reliable source (i.e., secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity);
• you have an understanding of the underlying technology of any electronic verification system used (inputs into the system, data sources used, outputs from the system and what they mean);
• you confirm that the system seeks assurance testing and certification by the government, an approved expert body, or other internationally reputable expert body, as per Financial Action Task Force guidance; and,

• you should ensure that specific training is provided to those employees undertaking an active role in due diligence procedures or discounting / escalating potential screening matches.

Staff Training

It is important that your staff receive robust, ongoing training, which is commensurate to their roles and responsibilities.  Training must include awareness of the MLRs, Proceeds of Crime Act Part 7 and Terrorism Act Part 3 reporting requirements, legal professional privilege and data protection requirements. 

It is also prudent to ensure that:

• those responsible for conducting searches using electronic verification systems are adequately trained to ensure the validity and accuracy of client data input, and that all necessary data is submitted in the correct fields;
• those responsible for evaluating and making decisions on sanctions, PEPs or adverse media screening outputs are sufficiently trained with regards to what those outputs mean, and what further actions may be required to ensure further verifications are obtained;
• staff receive training so they can recognise red flags / risk indicators as relevant to their duties and responsibilities, along with other relevant laws;
• you have procedures in place for the communication of Policies, Controls and Procedures (PCPs) to all staff (and agents / contractors where applicable); and,

• you maintain records relating to any AML / Counter Proliferation Financing (CPF) / Counter Terrorist Financing (CTF) / Sanctions training carried out.

Data Retention Periods

Please ensure that you retain CDD information for the required retention period prescribed in the MLRs, this being 5 years after the end of a business relationship with a client / date of an occasional transaction.

Suspicious Activity Reporting

Your MLRO has a duty to make a disclosure (Suspicious Activity Report (SAR)) to the National Crime Agency (NCA) where they know or suspect, or have reasonable grounds for knowing or suspecting, that a person is engaged in money laundering.  Your MLRO should also ask the NCA for a Defence Against Money Laundering (DAML) in order to carry out an activity that is otherwise prohibited by the MLRs under the Proceeds of Crime Act 2002. 

You are expected to decline to proceed with or authorise any transaction on the PEXA Platform where you intend to, or have submitted, a SAR in relation to that client.  Permission to proceed with a transaction via the PEXA Platform will be contingent on obtaining consent from the NCA and the prior approval of PEXA’s MLRO.  PEXA will consider transactions subject to SARs on a case-by-case basis and will require full disclosure of all materials submitted to the NCA, together with their response and evidence of any consent provided.  It is therefore essential that your client retainer acquires consent to make such disclosures to PEXA.

The responsibility for making a report to the NCA will be for your MLRO, even where you make a discovery after your client’s details have been added to the PEXA Platform.  Where you do identify any suspicious activities that you deem to be reportable, which relate to a client and the settlement has already been approved on the PEXA Platform, you must ‘un-approve’ the Workspace immediately and notify our MLRO without undue delay. 

Similarly, where we identify a reportable suspicion, it will be our responsibility to submit a SAR to the NCA, however, we may ask you for additional client information and will require your full cooperation.  If the settlement has already been approved, you must ‘un-approve’ immediately and cease proceeding until confirmation to do so is received from PEXA’s MLRO.

Sharing Client Information

You should ensure that where you share your client’s information with us that you either obtain their consent or are satisfied that disclosure is permitted by law.  You should ensure that your client retainers confirm the arrangement you have with PEXA, which must include the sharing of client information for the purposes of meeting each of your and PEXA’s financial crime requirements and any associated reporting obligations. 

Documents

Client information must be provided within two Business Days of PEXA making the request.

Independent Audit

Under Reg 21 of the MLRs, where your firm is of the relevant size and nature, you are required to have an independent audit to test the adequacy and effectiveness of your PCPs.  We may ask you for a copy of any such audit carried out when completing or updating our law firm / conveyancer due diligence.